From 1ef3c282a257230e4168799dd3c676ee92e1b250 Mon Sep 17 00:00:00 2001
From: Kevin Enderby <enderby@apple.com>
Date: Thu, 8 Oct 2015 22:50:55 +0000
Subject: [PATCH] =?UTF-8?q?Fix=20a=20bug=20in=20llvm-objdump=E2=80=99s=20p?=
 =?UTF-8?q?rinting=20of=20Objective-C=20meta=20data=20from=20malformed=20M?=
 =?UTF-8?q?ach-O=20files=20that=20caused=20a=20crash=20because=20of=20a=20?=
 =?UTF-8?q?section=20header=20had=20a=20size=20that=20extended=20past=20th?=
 =?UTF-8?q?e=20end=20of=20the=20file.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

rdar://22983603


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@249768 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Object/MachOObjectFile.cpp                |  29 ++++++++++++++++--
 .../malformed-machos/mem-crup-0040.macho      | Bin 0 -> 9248 bytes
 test/tools/llvm-objdump/malformed-machos.test |   6 ++++
 tools/llvm-objdump/MachODump.cpp              |   2 ++
 4 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 test/tools/llvm-objdump/Inputs/malformed-machos/mem-crup-0040.macho

diff --git a/lib/Object/MachOObjectFile.cpp b/lib/Object/MachOObjectFile.cpp
index f89e8e48594..4f9ccedd0c6 100644
--- a/lib/Object/MachOObjectFile.cpp
+++ b/lib/Object/MachOObjectFile.cpp
@@ -483,9 +483,32 @@ uint64_t MachOObjectFile::getSectionAddress(DataRefImpl Sec) const {
 }
 
 uint64_t MachOObjectFile::getSectionSize(DataRefImpl Sec) const {
-  if (is64Bit())
-    return getSection64(Sec).size;
-  return getSection(Sec).size;
+  // In the case if a malformed Mach-O file where the section offset is past
+  // the end of the file or some part of the section size is past the end of
+  // the file return a size of zero or a size that covers the rest of the file
+  // but does not extend past the end of the file.
+  uint32_t SectOffset, SectType;
+  uint64_t SectSize;
+
+  if (is64Bit()) {
+    MachO::section_64 Sect = getSection64(Sec);
+    SectOffset = Sect.offset;
+    SectSize = Sect.size;
+    SectType = Sect.flags & MachO::SECTION_TYPE;
+  } else {
+    MachO::section Sect = getSection(Sec);
+    SectOffset = Sect.offset;
+    SectSize = Sect.size;
+    SectType = Sect.flags & MachO::SECTION_TYPE;
+  }
+  if (SectType == MachO::S_ZEROFILL || SectType == MachO::S_GB_ZEROFILL)
+    return SectSize;
+  uint64_t FileSize = getData().size();
+  if (SectOffset > FileSize)
+    return 0;
+  if (FileSize - SectOffset < SectSize)
+    return FileSize - SectOffset;
+  return SectSize;
 }
 
 std::error_code MachOObjectFile::getSectionContents(DataRefImpl Sec,
diff --git a/test/tools/llvm-objdump/Inputs/malformed-machos/mem-crup-0040.macho b/test/tools/llvm-objdump/Inputs/malformed-machos/mem-crup-0040.macho
new file mode 100644
index 0000000000000000000000000000000000000000..f0765a4ce51a83885b5a8df33babad5c9c35f64e
GIT binary patch
literal 9248
zcmeHNO>7%Q6dpG%4Ixmca0pPqK`9E*cvI9y0jW}cD+fZ7#tA~8YU-a&vh8};^{&+z
zQQ@c*5k-}J;78(w5Vu}>;DP{A2@c#iz#%8p1E3%kDF-B~N)W!cGqYZ=<B$X5v`?9x
z`R2`h^XB=@YIY{y-~IjXgN&`VF~;seiX+`Z#Z|Aw*u%iz?PHAd`H5HO0m4EZf+8^}
z*a4(=spH($SKNBTFyHfsgsxvUQP}UXpH=-b3Y<G`IqUdUVZKGlM{^<}91}(F*)I8%
zUhwf{-7M-Qv<UN=lJ618K^ShSOOt(e_I!>Pba&ax6!a#(cO)PAh(uw5Lfok2+~doc
z8OI^Quzl;2?><SO@W1epeQu@LY~KfxPyK!hx8^HbmkcY<4QtW%>}`yfk0oD95)f|i
zpCXny=lU{VERpLx3D0*^@^#DhgeitwNj;9oN9IQYtyKKB$SIDASNVZ+%j8a_khM)-
zbW8YMcIH!bw2XpwQM?7?kaIJ$8(&-!sqqO1`ILQXM!`5S4aW`J*WJJ;ED7>~N45}*
zlFuk)mUQ}Q!+ePbKE?>|{=14ewk^kd8-)4#B;O4=A;Ka1)KtA(+UMwINngb4Ak4QR
z`IP?%2l=r6WQ&IRI%T{Dh%wA}E5t`Q$Oo34`0^PyBkgUBmrdDvRt(PwhxnvMWE97=
zhB%*^oPKFyd{VuW6GHEgE^%VNsHZpy#@+qELrAoKL_IxYOe;Gj&9rkFQ!|aM<{DO|
zKVLyH={?z#j8zBFk|o4M<H)OkN@@vD#cm)cJ1G`ujDa4;4kJGYf}0qM-cxGMRHj62
z$u9LyM6pR`(O*ufLH8&SjdQ*0wLiZ6`uLykev$rY{)zHXFY4e@#yUE@^o+t(2kAsQ
zheUm8d=`HT^v7aay5hKcL7OtNrA(=!ou*gOCA)ON(N5cC3%{pfTS@N)MYY;1ddWeJ
zqm2dhpd<bvB%h!C45a)F55u*zB9bH0!O)U4_xlQVHTDxGCP#xkpF&@n@12BrXFV-3
zga1jMMe_UsJmA$tkH`a&2O<wd9*8^;d0@{TSV*n?lDcv`o?5%Sm0CaW9`-b;wTU~a
z^^>bqymonOllJ<lE8oV?ezSe_Q<SH!J@!7bk@WV_tH^81c(C7o-QM0dEW>5A*WzNA
zHGF(<c;E%vH-L*Bp>~j9PJ0#lMm~X@(vtihqB89tJJB=l^#%aVLtci$8*?nS5|70@
z54P8cJS1;Q9<?u3>Qxl_WKwmMhrcs}x}D0j529h!_pbV`RNwnm=-OpM=8GDq=xtv7
z>Xrq?ujUc&YT49N)b_~Rx5sw7j}~bo4@4e_JP>&x@<8N)$ODlFA`e6!h&&K^Ao9Tf
z>w&JG_}qALAU!rWo*pYE&Kw@*Govq#@v*6qbei|_>GVwYyq<H}nTuPonpD0#F+bAO
zpxRx7UR+b_g`!*GxlC?ZXVncHaCj2?toGnA4mk4O-969Zx)^uu)s4TDzQ)+aI4tn4
z2n)_qTDS6Px`}&^K_w(6>|-5lpE4nEa55A$El_`|jcxYeV5ElYBTqhmT;z9u>ZI$Y
zV@SAP@kO1CcvnKG^{?cpBJVd7cPK%83cAI%82e=A#|3IeL`gi<`NmD)-T)?jFOvGd
z2g1{MDEtF(0!hhj6cP#`r}lYzNVyl~2awcwM^HY5GYfSNa#CV-9x?}vKQ&Kggz(!T
z{9y=R7ufd?9goPPmSHL<n6}{HZcLjk*{+^(v~k_J;MzrTvsgfc*nvw%EpP~yEbO7{
zXxT9H+N9;`rGlO}GOq3fn3GvgJ*S%(Sr3dO6(Y2qe#<TuaN)T!G{^@}c+JE)T+(L!
tuh*j}LC17wS>pn!tEHkv1pa44jl=uvQ&a~BudA9D<xWeiX=PGK{R3Ro8tVW6

literal 0
HcmV?d00001

diff --git a/test/tools/llvm-objdump/malformed-machos.test b/test/tools/llvm-objdump/malformed-machos.test
index e836239a250..2167c706550 100644
--- a/test/tools/llvm-objdump/malformed-machos.test
+++ b/test/tools/llvm-objdump/malformed-machos.test
@@ -18,3 +18,9 @@
 # RUN:   | FileCheck -check-prefix=m0010 %s 
 
 # m0010: 00000000000010e0 0x10e8 _OBJC_CLASS_
+
+# RUN: llvm-objdump -macho -objc-meta-data \
+# RUN:   %p/Inputs/malformed-machos/mem-crup-0040.macho \
+# RUN:   | FileCheck -check-prefix=m0040 %s 
+
+# m0040: 00000000000010a0 0xf39 -[tiny_dylib init]
diff --git a/tools/llvm-objdump/MachODump.cpp b/tools/llvm-objdump/MachODump.cpp
index b6b910f55dc..993e9e6817b 100644
--- a/tools/llvm-objdump/MachODump.cpp
+++ b/tools/llvm-objdump/MachODump.cpp
@@ -2340,6 +2340,8 @@ static const char *get_pointer_64(uint64_t Address, uint32_t &offset,
   for (unsigned SectIdx = 0; SectIdx != info->Sections->size(); SectIdx++) {
     uint64_t SectAddress = ((*(info->Sections))[SectIdx]).getAddress();
     uint64_t SectSize = ((*(info->Sections))[SectIdx]).getSize();
+    if (SectSize == 0)
+      continue;
     if (objc_only) {
       StringRef SectName;
       ((*(info->Sections))[SectIdx]).getName(SectName);